CVE-2005-3201

Name of the Vulnerable Software and Affected Versions Utopia News Pro (UNP) version 1.1.3

Description The issue allows remote attackers to execute arbitrary SQL commands due to a SQL injection vulnerability in the news.php file. This occurs when magic quotes gpc is disabled and register globals is enabled, specifically through the newsid parameter in the API endpoint "/news.php".

Recommendations For Utopia News Pro (UNP) version 1.1.3, consider disabling the newsid parameter in the news.php file until a patch is available, or ensure that magic quotes gpc is enabled and register globals is disabled to mitigate the risk of SQL injection attacks.